Topics from Practice Tests Flashcards

1
Q

What is Lambda SnapStart

A

AWS Lambda SnapStart is a feature designed to improve the startup performance of AWS Lambda functions, specifically those written in Java. SnapStart reduces the cold start latency that can occur when a Lambda function is invoked for the first time or after a period of inactivity

2
Q

AWS Cost Anomaly Detection

A

AWS Cost Management feature. This feature uses machine learning models to detect and alert on anomalous spend patterns in your deployed AWS services

3
Q

AWS Control Tower

A

AWS Control Tower is a high-level service offering a straightforward way to set up and govern an AWS multi-account environment, following prescriptive best practices. AWS Control Tower orchestrates the capabilities of several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS IAM Identity Center, to build a landing zone in less than an hour.

4
Q

Name Custom CloudWatch Metrics (MDDPL)

A

– Memory utilization
– Disk swap utilization
– Disk space utilization
– Page file utilization
– Log collection

5
Q

FSx for Lustre

A

Amazon FSx for Lustre for the first requirement, as it provides a high-performance, parallel file system for hot data.

6
Q

Evaluate

100 All Traffic Allow
200 All Traffic Deny
* All Traffic Deny

A

The request above will be allowed. Rules are evaluated at the lowest level

7
Q

True or False - RDS is used for OLTP

A

True - RDS is mainly used for Online Transaction Processing (OLTP) applications and not for Online Analytical Processing (OLAP).

8
Q

What is Redshift?

A

Amazon Redshift is a fully-managed, petabyte-scale data warehouse service in the Cloud. An Amazon Redshift data warehouse is a collection of computing resources called nodes, which are organized into a group called a cluster. Each cluster runs an Amazon Redshift engine and contains one or more databases.

9
Q

Explain Cognito

A

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password or through a third party such as Facebook, Amazon, Google, or Apple. The two main components of Amazon Cognito are user pools and identity pools

10
Q

Explain HSM

A

The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud.

11
Q

Explain Audit Manager

A

AWS Audit Manager is an automated service that produces reports specific to auditors for PCI compliance, GDPR, and more.

12
Q

True or False - You can change security groups if an instance is already running

A

True - After you launch an instance into a VPC, you can change the security groups that are associated with the instance. You can change the security groups for an instance when the instance is in the running or stopped state.

13
Q

Explain Configuration of NACL

A

The default configuration of the default NACL is Allow, and the default configuration of a custom NACL is Deny.

14
Q

True or False - Network ACLs are stateless, and security groups are stateful.

A

True

15
Q

Explain Load Balancing and Instances

A

The load balancer routes requests only to the healthy instances. When the load balancer determines that an instance is unhealthy, it stops routing requests to that instance. The load balancer resumes routing requests to the instance when it has been restored to a healthy state.

16
Q

Explain Multi AZ Deployment

A

SYNCHRONOUS

Amazon RDS Multi-AZ deployments provide enhanced availability and durability for RDS database (DB) instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.

In RDS Multi-AZ, when a change is made to the primary database, that change must be successfully written to the standby instance before the transaction is considered committed.

Asynchronous replication, by contrast, means that the primary database does not wait for the standby to acknowledge receipt of the data.

17
Q

AppFlow

A

AppFlow offers a fully managed service for easily automating the exchange of data between SaaS vendors and AWS services like Amazon S3.

18
Q

Authenticate with Cognito

A

Step 1 - Authenticate and get tokens. Step 2 - Exchange tokens and get AWS credentials. Step 3 - Access AWS services using credentials.

19
Q

Grafana

A

Grafana is an open-source platform used for monitoring, visualization, and analysis of metrics and logs in real-time.

20
Q

Prometheus

A

Amazon Managed Service for Prometheus (AMP) is a fully managed, scalable, and secure monitoring service based on the open-source Prometheus project. It is designed to collect, store, and query metrics from containerized applications and infrastructure at scale.

21
Q

EKS Distro

A

EKS Distro allows you to leverage on-premises the best practices and established processes that Amazon EKS uses in AWS.

22
Q

QLDB

A

Best for financial, supply chain management, health records, and regulatory use cases.

Amazon Quantum Ledger Database (QLDB)
This is an immutable and cryptographically verifiable database and would be the best solution.

23
Q

True or False

Kinesis Data Streams can be used to continuously collect data about player-game interactions and feed the data into your gaming platform. With Kinesis Data Streams, you can design a game that provides engaging and dynamic experiences based on players’ actions and behaviors.

A

True

24
Q

Scale In

A

Remove instance from the oldest launch configuration

25
Q

Which action will not cause the data to be deleted on an instance store volume?

A

reboot

26
Q

AWS Transcribe

A

Amazon Transcribe is an AWS service that provides automatic speech recognition (ASR) to convert audio input into text.

27
Q

AWS Lex

A

Amazon Lex is a service provided by AWS that allows developers to build conversational interfaces using voice and text.

28
Q

AWS Polly

A

Amazon Polly is a service from AWS that turns text into lifelike speech.

29
Q

AWS Comprehend

A

Amazon Comprehend is a natural language processing (NLP) service provided by AWS that uses machine learning to uncover insights and relationships in text.

30
Q

AWS Translate

A

Amazon Translate is a neural machine translation service provided by AWS that allows developers to easily translate text between different languages.

31
Q

AWS Rekognition

A

Rekognition is designed to automatically detect objects, scenes, and faces, recognize celebrities, and provide facial analysis and facial search capabilities.

32
Q

Explain VPN Connection

A

It provides a connection between an on-premises network and a VPC, using a secure and private connection with IPsec and TLS.

33
Q

True or False: messages in the SQS queue will continue to exist even after the EC2 instance has processed it, until you delete that message.

A

True

34
Q

API Gateway Throttling

A

Amazon API Gateway provides throttling at multiple levels including global and by service call. Throttling limits can be set for standard rates and bursts.

35
Q

VPC Flow Logs

A

Amazon VPC Flow Logs is a feature provided by AWS that enables you to capture information about the IP traffic going to and from network interfaces in your Virtual Private Cloud (VPC).

36
Q

Systems Manager vs. Organizations vs. Control Tower

A

AWS Control Tower builds on top of Organizations to provide a more comprehensive governance framework, automatically enforcing security best practices and compliance controls across your accounts. AWS Systems Manager focuses on managing and automating operations on individual servers and instances across your AWS environment, regardless of the account structure within Organizations. Essentially, Control Tower provides a higher level of centralized management with pre-defined security policies, whereas Systems Manager is more focused on day-to-day operational tasks on individual systems.